Age | Commit message (Collapse) | Author |
|
|
|
|
|
authenticated relaying. one can create many maps holding credentials and
name them however he/she wants, just like any other map.
teach smtpd how to select a credentials map at the rule-level allowing a
setup to relay through the same MX with different credentials depending
on the source.
smtpd.conf.5 updated to reflect changes with help from jmc@
|
|
some rules to have a longer expiry delay than the default:
accept for [...] relay expire 8d # will stay 8 days in queue
I added the man page bits so I don't forget but I need to reword it a bit
|
|
|
|
is way more optimized than what we had earlier and there's definitely stuff
we want to keep, however it is early optimization that doesn't account for
many features and makes them hard (if not impossible) to write without
ugly workarounds that ruin the purpose of the optimizations.
the backout goes to 30 May's right before the commit and catches up on all
the non-queue related commits that happened since then.
i'll work on reintroducing the ideas from this queue when the basic
features we expect from a MTA are implemented.
suggested on tech@ about a week ago, no objections, several "please make
smtpd move forward" mails from hackers and tech readers.
|
|
attempt to expand the local delivery buffer when relaying mail, it was
kind of ok before but no longer is)
- use the same buffer for local deliveries to files and commands
tested by jmc@ and I
|
|
by expanding them to several rules, I forgot to copy the tags to the
expanded rules. this commit unbreaks matching rules by tag.
documentation follows shortly ...
spotted and fixed by me a while ago, jacekm@ timeout
|
|
problem reported with the obvious fix for bgpd by Sebastian Benoit
<benoit-lists at fb12.de>, also PR 6432
applied to all the others by yours truly. ok theo
isn't it amazing how far this parser (and more) spread?
|
|
with help from jacekm@
ok gilles@ jacekm@
|
|
|
|
|
|
Major goals:
1) Fix bad performance caused by the runner process doing full queue
read in 1s intervals. My Soekris can now happily accept >50 msg/s
while having multi-thousand queue; before, one hundred queue would
bring the system to its knees.
2) Introduce Qmail-like scheduler that doesn't write as much to the
disk so that it needs less code for servicing error conditions,
which in some places can be tricky to get right.
3) Introduce separation between the scheduler and the backend; these
two queue aspects shouldn't be too tied too each other. This means
that eg. storing queue in SQL requires rewrite of just queue_backend.c.
4) Make on-disk queue format architecture independent, and more
easily extensible, to reduce number of flag days in the future.
Minor goals:
ENOSPC no longer prevents delivery attempts, fixed session limiting
for relayed mail, improved batching of "relay via" mails, human-readable
mailq output, "show queue raw" command, clearer logging, sending
of single bounce about multiple recipients, exact delay= computation,
zero delay between deliveries while within session limit (currently
1s delay between re-scheduling is enforced), mta no longer requests
content fd, corrected session limit for bounce submissions, tiny
<100B queue files instead of multi-KB, detect loops before accepting
mail, reduce traffic on imsg channels by killing enormous struct
submit_status.
|
|
expand to two rules each having its own condition rather than one rule
with a tail queue of conditions. this simplifies code a bit and removes a
couple hacks.
basic testing by oga and me
|
|
|
|
|
|
virtual AND secrets), adds a description in smtpd.conf.5 and removes a
mention to special map "aliases" which was removed a while ago.
to use plain maps: map "myaliases" { source plain "/etc/mail/aliases" }
code diff was okayd a while ago by jacekm@
|
|
Reported by Rene Maroufi <info@maroufi.net>
|
|
scan_scaled(3) to support the quantifiers rather than rolling my own code.
prompted by jacekm@
|
|
|
|
or so ...
okayd by jacekm@ a while ago
|
|
was reported by nicm@ which spent a couple hours with me trying to
understand what was causing the bug, and helping me write and test fix.
|
|
Nudge by deraadt@
|
|
|
|
while there factor some common code (from jacekm input)
ok jacekm@
|
|
Fix two memleaks in purge_config().
First problem spotted by parfait, the other ones - by myself.
"looks good" gilles@
|
|
valid map id, then we have no way to know for these structures if they have
a reference to a map, or if the member was not set. make map id start at 1.
|
|
smtpd is now capable of looking primary domains at runtime in a set, which
means that the following becomes possible:
map "primary" { source db "/etc/mail/primary.db" }
accept for domain map "primary" deliver to mbox
while at it fix a couple bugs in the aliases resolution path which caused
recipients to bounce if a ruleset did not have an "accept for local" rule
"diff reads good" jacekm@, flush queue & make clean
|
|
for multiple aliases maps that can be attached at the rule level. with it,
you can for example define different aliases maps for different domains or
different aliases maps for the same domain depending on the client source:
map "localiases" { source db "/etc/mail/localiases.db" }
map "netaliases" { source db "/etc/mail/netaliases.db" }
accept from 192.168.0.0/16 for local alias "localiases" deliver to mbox
accept from all for local alias "netaliases" deliver to mbox
idea discussed with jacekm@ and various other hackers, diff contains some
bug fixes too which were not part of the original diff. man page follows
very shortly ... make clean & flush queue !
|
|
of: accept for virtual map "mapname" ...
discussed with jacekm@
|
|
options but they will all share the same ruleset. this means that there
is no way to have a rule apply to a session established on one listener
but not applied on another.
this commit brings initial support for tagging listeners and having the
rules able to match these specific listeners. The following will define
a rule which will only apply to interfaces tagged as "mynet":
listen on lo0 # implicit lo0 tag
listen on fxp0 tag mynet
listen on fxp1 tag mynet
accept on mynet for domain "example.org" deliver to mbox
|
|
teach smtpd how to deliver using specific user permissions:
accept for virtual map "foo" deliver to maildir "/m/%d/%u" user foo
will deliver mail under /m/domain/user as user foo
idea and initial diff discussed with jacekm@
|
|
domains. this means that:
- virtual domains no longer deliver to a local user when not told to
- they no longer attempt to resolve aliases when not told to
- they no longer need an explicit rule in smtpd.conf for EACH domain
- the "virtual" map is no longer hardcoded
- smtpd no longer needs a restart to support a new domain
instead we introduce the: accept for virtual map "mapname" [...] syntax
which refers to a map that can be manipulated at runtime.
idea discussed and okayd with jacekm@
|
|
required. Requested by jmc@, gilles@ ok.
|
|
default; from gilles@
|
|
configuration reloading without killing active sessions; ok jacekm@
|
|
host which requests client certificates:
accept [...] relay via [...] ssl certificate "mycert"
diff from Josh Elsasser <josh@elsasser.org>, tested and okayed by me with
no change but the addition of status 554 to the state machine to deal with
remote host telling us it doesn't like our certificate.
|
|
that the ip address/subnet parsing isn't done in the same way as
in other daemons.
fix by gilles@
|
|
that has an implicit local source. instead we create static "localhost" map
before the configuration file is parsed, we fill it with every single local
address we can find, and we have rules with implicit local source reference
that special map.
this unbreaks a behavior which I hated and which prevented:
accept for all relay
from accepting relaying if LOCAL session was initiated on any interface but
lo0.
|
|
the configuration file again and replace current configuration with new one
in all processes. what we don't support yet is graceful restart, clients in
sessions at the moment of the reload will have a temp failure thrown at 'em
which is ok RFC-wise but which we will try to improve anyway.
tested with various setups, "diff reads good" jacekm@
|
|
when a certificate name was explicitely provided. This would cause imsg to
fatal() because with some configurations, it would look for the wrong name
in the ssl tree and would fail to find the proper cert.
issue spotted by Gregory Edigarov <gregory.edigarov@gmail.com>, I found the
fix just a few minutes ago when I succeeded to reproduce the issue...
|
|
1) kill the ssmtp keyword in "ssmtp listen on ...";
2) kill the use keyword in "... use certificate foo";
3) tls no longer implicit, user must explicitely use the tls or smtps option.
4) for "relay via", move the tls/smtps options to right after the
port specification; makes it similar to "listen on".
These directives:
ssmtp listen on fxp0 use ceritifate "foo"
accept for all relay via tls "mx.bar.com"
now become:
listen on fxp0 smtps certificate "foo"
accept for all relay via "mx.bar.com" tls
ok gilles@
|
|
allocations fails.
looks right deraadt, krw
ok henning
|
|
because of a missing htons()
|
|
"localhost" and system hostname. this allows us to ship with a config file
that goes: accept for local deliver to mbox , and which will allow us to
have mail working sanely out of the box.
|
|
can be turned on by adding "enable auth" to a "relay via" rule. this made
me rework the mx resolution so that it is done by the mta process and not
the runner process anymore.
|
|
if someone comes with good rationale why this is needed, we'll consider it,
meanwhile it's more work than it looks like and it brings a lot of pain.
discussed with jacekm@ and deraadt@
|
|
ok jacekm@
|
|
no binary changes
ok gilles@
|
|
store a lot of its session related code, but this is just not right and
this commit starts making mta code aware of struct session. This will
ease the implementation of ssl sessions in mta.
while at it, make mta autodetect port to use if it isn't provided in a
rule but can be derived from a parameter (i.e: "relay via ssmtp ...").
|